From: Ben Laurie Date: Sat, 13 Sep 2003 17:03:54 +0000 (+0000) Subject: Make TLSv1 work in FIPS mode. X-Git-Tag: BEN_FIPS_TEST_1~23 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c45c8f3f1c8ac86048fefae5470db6420e84c1fb;p=oweals%2Fopenssl.git Make TLSv1 work in FIPS mode. --- diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 6d65c52fcd..46603a019d 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -130,6 +130,7 @@ #include #include +#include "../fips/fips_locl.h" #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" @@ -559,7 +560,7 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c) const unsigned char *cp=end; #ifdef FIPS - if(FIPS_mode) + if(FIPS_mode && !FIPS_md5_allowed) { FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); return 0; diff --git a/fips/fingerprint.sha1 b/fips/fingerprint.sha1 index 84374ff629..31db32e753 100644 --- a/fips/fingerprint.sha1 +++ b/fips/fingerprint.sha1 @@ -1,4 +1,4 @@ -SHA1(fips.c)= e41f98ed7cd7dbd3c45b91db526dafb7ebc3550c +SHA1(fips.c)= e7af483a2ca3c0a845b4528b936e143bfdae945e SHA1(fips_err_wrapper.c)= 527047304bfaa75f6ace20b4f7ac3afb6d89d480 SHA1(fips.h)= 58386539af75f8f622b041a43bf1880fee8642f7 SHA1(fips_err.h)= 8d9fd3ab3e6ca5297c5714e7f6cd9834e22b4cba diff --git a/fips/fips.c b/fips/fips.c index 980520e408..e5861efdf3 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -55,9 +55,12 @@ #include #include #include +#include "fips_locl.h" #ifdef FIPS +int FIPS_md5_allowed; + int FIPS_selftest() { return FIPS_selftest_sha1() @@ -143,6 +146,10 @@ int FIPS_mode_set(int onoff,const char *path) return 1; } +void FIPS_allow_md5(int onoff) + { + FIPS_md5_allowed=onoff; + } #if 0 /* here just to cause error codes to exist */ diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index fae8eadada..ee7f357459 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
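Review bot: `FIPS_md5_allowed` is consulted here as a plain process-wide `int` with no synchronization, so for as long as any thread has called `FIPS_allow_md5(1)` every `HASH_FINAL` in the process bypasses the FIPS check, including callers unrelated to the TLS handshake that opened the window. A per-thread or per-context flag would confine the allowance to the caller that asked for it; at minimum the condition wants a why-comment, `/* MD5 is tolerated only inside a window opened by FIPS_allow_md5() for TLS1 (PRF, handshake signature digests) */`. Since md32_common.h is shared by more than one digest implementation, it is also worth confirming that only MD5's HASH_FINAL can reach this branch, otherwise the flag admits more than its name says. HASH_FINAL's body continues outside the hunk.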
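Review bot: `FIPS_allow_md5` and the `int FIPS_md5_allowed` it writes (declared in the previous hunk of this file) carry no comment stating their contract, yet every caller in this commit treats them as an open/close window, pairing `FIPS_allow_md5(1)` with `FIPS_allow_md5(0)`, and a caller that misses the close leaves MD5 permitted in FIPS mode for the rest of the process. A header comment on the definition should say so: `/* Temporarily permit MD5 in FIPS mode for the TLS1 PRF and handshake signature digests. Process-global and not thread-safe; every caller must restore with FIPS_allow_md5(0) on all paths. */`. Because the old value is not saved and restored, nested use would also close an outer window early. The definition is guarded by `#ifdef FIPS` while the SSL callers use `#ifdef OPENSSL_FIPS`; if those two macros are not always defined together, the callers reference a symbol this file does not build, which is worth confirming.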
@@ -118,6 +118,7 @@ #include #include #include "cryptlib.h" +#include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_client_method(int ver); static int ssl3_client_hello(SSL *s); @@ -1166,7 +1167,16 @@ static int ssl3_get_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,param,param_len); +#ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION && num == 2) + FIPS_allow_md5(1); +#endif + EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); +#ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION && num == 2) + FIPS_allow_md5(1); +#endif q+=i; j+=i; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 37cf730d0e..3dcb511568 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -124,6 +124,7 @@ #include #include #include "cryptlib.h" +#include "../fips/fips_locl.h" static SSL_METHOD *ssl3_get_server_method(int ver); static int ssl3_get_client_hello(SSL *s); @@ -1215,8 +1216,16 @@ static int ssl3_send_server_key_exchange(SSL *s) EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_DigestUpdate(&md_ctx,&(d[4]),n); +#ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION && num == 2) + FIPS_allow_md5(1); +#endif EVP_DigestFinal_ex(&md_ctx,q, (unsigned int *)&i); +#ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION && num == 2) + FIPS_allow_md5(0); +#endif q+=i; j+=i; } diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index da90078a37..38a458f9b8 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -129,6 +129,7 @@ #include #include #include "ssl_locl.h" +#include "../fips/fips_locl.h" int SSL_get_ex_data_X509_STORE_CTX_idx(void) { 
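Review bot: The block after `EVP_DigestFinal_ex` calls `FIPS_allow_md5(1)` a second time instead of closing the window, so on the client any key exchange that reaches this path with `num == 2` leaves MD5 permanently permitted in FIPS mode for the rest of the process; the server side in ssl3_send_server_key_exchange (s3_srvr.c) correctly calls `FIPS_allow_md5(0)` at the same point. Change the second call to `FIPS_allow_md5(0);`. Evaluating `s->version == TLS1_VERSION && num == 2` twice is what let the two blocks drift apart; computing it once into a local before the digest, e.g. `int fips_md5 = (s->version == TLS1_VERSION && num == 2);`, keeps the open and the close symmetric. ssl3_get_key_exchange's body continues outside the hunk on both sides.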
@@ -491,7 +492,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) else { #ifndef OPENSSL_NO_X509_VERIFY +# ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION) + FIPS_allow_md5(1); +# endif i=X509_verify_cert(&ctx); +# ifdef OPENSSL_FIPS + if(s->version == TLS1_VERSION) + FIPS_allow_md5(0); +# endif #else i=0; ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index ddd8114587..2d502d1354 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -122,6 +122,7 @@ #include #include #include "cryptlib.h" +#include "../fips/fips_locl.h" const char *SSL_version_str=OPENSSL_VERSION_TEXT; @@ -2152,7 +2153,18 @@ int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath) { - return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); + int r; + +#ifdef OPENSSL_FIPS + if(ctx->method->version == TLS1_VERSION) + FIPS_allow_md5(1); +#endif + r=X509_STORE_load_locations(ctx->cert_store,CAfile,CApath); +#ifdef OPENSSL_FIPS + if(ctx->method->version == TLS1_VERSION) + FIPS_allow_md5(0); +#endif + return r; } #endif diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 42289c255b..0800d243da 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -133,6 +133,7 @@ #endif #include #include +#include #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly on Compaq platforms (at least with DEC C). @@ -198,6 +199,9 @@ static void sv_usage(void) { fprintf(stderr,"usage: ssltest [args ...]\n"); fprintf(stderr,"\n"); +#ifdef OPENSSL_FIPS + fprintf(stderr,"-F - run test in FIPS mode\n"); +#endif fprintf(stderr," -server_auth - check server certificate\n"); fprintf(stderr," -client_auth - do client authentication\n"); fprintf(stderr," -v - more output\n"); 
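Review bot: The window opened around `X509_verify_cert` permits MD5 for everything chain verification computes, not just the TLS1 digests this commit is meant to allow, so in a TLS1 session a peer chain whose certificates are signed with MD5 would presumably verify while the library is in FIPS mode; `SSL_CTX_load_verify_locations` in ssl_lib.c wraps `X509_STORE_load_locations` the same way. The `s->version == TLS1_VERSION` condition has no bearing on what X509_verify_cert does, which suggests the allowance is keyed on the wrong thing. If MD5 really is needed inside verification, that deserves its own comment and a narrower scope; if it is not, these two windows should be dropped. ssl_verify_cert_chain's body continues outside the hunk.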
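Review bot: The new usage line omits the leading space every neighbouring option line has, so `-F` prints unaligned with `-server_auth` and `-client_auth`; use `fprintf(stderr," -F - run test in FIPS mode\n");`. The option is also listed only under `#ifdef OPENSSL_FIPS` although the parser in a later hunk accepts `-F` on every build, so on non-FIPS builds the help never mentions an option the program reacts to.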
@@ -369,6 +373,10 @@ int main(int argc, char *argv[]) clock_t s_time = 0, c_time = 0; int comp = 0; COMP_METHOD *cm = NULL; +#ifdef OPENSSL_FIPS + int fips_mode=0; + const char *path=argv[0]; +#endif verbose = 0; debug = 0; @@ -400,7 +408,16 @@ int main(int argc, char *argv[]) while (argc >= 1) { - if (strcmp(*argv,"-server_auth") == 0) + if(!strcmp(*argv,"-F")) + { +#ifdef OPENSSL_FIPS + fips_mode=1; +#else + fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); + exit(0); +#endif + } + else if (strcmp(*argv,"-server_auth") == 0) server_auth=1; else if (strcmp(*argv,"-client_auth") == 0) client_auth=1; @@ -534,6 +551,7 @@ bad: goto end; } + if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) { fprintf(stderr, "This case cannot work. Use -f to perform " @@ -543,6 +561,20 @@ bad: EXIT(1); } +#ifdef OPENSSL_FIPS + if(fips_mode) + { + if(!FIPS_mode_set(1,path)) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + exit(1); + } + else + fprintf(stderr,"*** IN FIPS MODE ***\n"); + } +#endif + if (print_time) { if (!bio_pair) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 271e247eea..a03272217f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -115,6 +115,7 @@ #include #include #include +#include "../fips/fips_locl.h" static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len, unsigned char *seed, int seed_len, 
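Review bot: The message in the `#else` branch misspells "exiting" as "exitting": `fprintf(stderr,"not compiled with FIPS support, so exiting without running.\n");`. The `exit(0)` there makes a `-F` run on a non-FIPS build indistinguishable by exit status from a passed test, and the negative checks in test/testfipsssl (`$ssltest -ssl3 $extra && exit 1`) would then fail on such a build; presumably the Makefile only runs that script when FIPS is enabled, but that is worth confirming. main's body continues outside the hunk.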
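Review bot: `path` passed to `FIPS_mode_set` is `argv[0]` (declared in an earlier hunk of this file), which is whatever the invoking shell or script supplied and need not be a usable path to the executable; if FIPS_mode_set uses it to locate the binary for its integrity check, the outcome then depends on how ssltest was launched, and that assumption deserves a comment at the declaration, `/* argv[0] is handed to FIPS_mode_set as the binary's path; relies on the caller invoking ssltest by a resolvable path */`. On the failure branch the `BIO` returned by `BIO_new_fp` is never freed; harmless because `exit(1)` follows, but a short comment saying so pre-empts the question. main's body continues outside the hunk.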
@@ -177,8 +178,13 @@ static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, S2= &(sec[len]); len+=(slen&1); /* add for odd, make longer */ - +#ifdef OPENSSL_FIPS + FIPS_allow_md5(1); +#endif tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen); +#ifdef OPENSSL_FIPS + FIPS_allow_md5(0); +#endif tls1_P_hash(sha1,S2,len,label,label_len,out2,olen); for (i=0; i /dev/null 2> /dev/null; then \ + $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(SSLTEST); \ + fi $(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO) if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \ diff --git a/test/testfipsssl b/test/testfipsssl new file mode 100644 index 0000000000..9f06fa845a --- /dev/null +++ b/test/testfipsssl 
@@ -0,0 +1,113 @@ +#!/bin/sh + +if [ "$1" = "" ]; then + key=../apps/server.pem +else + key="$1" +fi +if [ "$2" = "" ]; then + cert=../apps/server.pem +else + cert="$2" +fi + +ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA" + +ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers" + +if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then + dsa_cert=YES +else + dsa_cert=NO +fi + +if [ "$3" = "" ]; then + CA="-CApath ../certs" +else + CA="-CAfile $3" +fi + +if [ "$4" = "" ]; then + extra="" +else + extra="$4" +fi + +############################################################################# + +echo test ssl3 DOESN\'T work +$ssltest -ssl3 $extra && exit 1 + +echo test ssl2 DOESN\'T work +$ssltest -ssl2 $extra && exit 1 + +echo test tls1 +$ssltest -tls1 $extra || exit 1 + +echo test tls1 with server authentication +$ssltest -tls1 -server_auth $CA $extra || exit 1 + +echo test tls1 with client authentication +$ssltest -tls1 -client_auth $CA $extra || exit 1 + +echo test tls1 with both client and server authentication +$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1 + +echo test tls1 via BIO pair +$ssltest -bio_pair -tls1 $extra || exit 1 + +echo test tls1 with server authentication via BIO pair +$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1 + +echo test tls1 with client authentication via BIO pair +$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1 + +echo test tls1 with both client and server authentication via BIO pair +$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1 + +# note that all the below actually choose TLS... 
+ +if [ $dsa_cert = NO ]; then + echo test sslv2/sslv3 w/o DHE via BIO pair + $ssltest -bio_pair -no_dhe $extra || exit 1 +fi + +echo test sslv2/sslv3 with 1024bit DHE via BIO pair +$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 + +echo test sslv2/sslv3 with server authentication +$ssltest -bio_pair -server_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with client authentication via BIO pair +$ssltest -bio_pair -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair +$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 + +echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify +$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 + +############################################################################# + +if ../apps/openssl no-dh; then + echo skipping anonymous DH tests +else + echo test tls1 with 1024bit anonymous DH, multiple handshakes + $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 +fi + +if ../apps/openssl no-rsa; then + echo skipping RSA tests +else + echo test tls1 with 1024bit RSA, no DHE, multiple handshakes + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 + + if ../apps/openssl no-dh; then + echo skipping RSA+DHE tests + else + echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes + ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + fi +fi + +exit 0 diff --git a/test/testssl b/test/testssl index ca8e718022..6dab0dff3e 100644 --- a/test/testssl +++ b/test/testssl @@ -31,7 +31,7 @@ else fi ############################################################################# - +set -x echo test sslv2 $ssltest -ssl2 $extra || exit 1
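Review bot: The two RSA multi-handshake tests near the end invoke `./ssltest` directly instead of `$ssltest`, so they run without `-F` (and without the `-key/-cert/-c_key/-c_cert/-cipher` arguments) and therefore do not exercise FIPS mode at all, while every other test in the file goes through `$ssltest`. Change both to the form `$ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1`, and the DHE variant likewise. Note that `-cert ../apps/server2.pem` would then follow the `-cert $cert` already inside `$ssltest`, so it relies on ssltest honouring the last occurrence; confirm that or drop the duplicate. The negative tests (`$ssltest -ssl3 $extra && exit 1`) accept any non-zero exit, including a crash, as the expected refusal, which is worth stating in a comment so nobody reads them as a stronger check than they are.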
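Review bot: `set -x` is added to test/testssl in place of the blank line, which turns on command tracing for every run of the regular SSL tests and looks like a debugging leftover rather than part of the FIPS change. Either drop it or make it opt-in, e.g. `[ -n "$SSLTEST_DEBUG" ] && set -x`, so normal test output stays readable.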